9954820

Detecting and Preventing Session Hijacking

Published: April 24, 2018
Assignee: not available in USPTO data we have
Inventors: Kyle ADAMS
Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A security device, comprising: one or more hardware processors to: receive, from a user device, a first request destined for a server device, the server device being different than the security device, and the first request including a first modified session identifier, the first modified session identifier including a modified version of an original session identifier received from the server device, the original session identifier having been modified by the security device using a first modification technique; determine the original session identifier based on the first modified session identifier; modify the original session identifier, using a second modification technique, to create a second modified session identifier, the second modification technique being different than the first modification technique; provide information, including the second modified session identifier, to the user device; receive a second request destined for the server device, the second request including the first modified session identifier; determine that the first modified session identifier is not a current session identifier associated with a session between the user device and the server device; provide, to the server device, session termination information indicating that the server device is to terminate the session between the user device and the server device, the server device terminating the session between the user device and the server device based on the session termination information; receive a third request destined for the server device, the third request including the second modified session identifier; and deny the third request based on the session between the user device and the server device having been terminated.

2. The security device of claim 1, where the one or more hardware processors are further to: determine that the second request is received from a device other than the user device; determine that more than one device is attempting to use the session based on determining that the second request is received from the device other than the user device; and provide, to the server device, the session termination information based on determining that more than one device is attempting to use the session.

3. The security device of claim 2, where the one or more hardware processors are further to: provide, to the user device and the device other than the user device, a message indicating that the session has been compromised or terminated.

4. The security device of claim 2, where the device other than the user device is an attacker device or another user device.

5. The security device of claim 1, where the one or more hardware processors are further to: receive the second request before a request, that includes the second modified session identifier, is received from the user device.

6. The security device of claim 1, where, when the second request includes the second modified session identifier, the one or more hardware processors are to: receive the second request after a request, that includes the second modified session identifier, is received from the user device.

7. The security device of claim 1, where the one or more hardware processors are further to: determine a string of characters to add to the original session identifier; and modify, using the first modification technique, the original session identifier by adding the string of characters to the original session identifier.

8. A non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors of a security device, cause the one or more processors to: receive, from a user device, a first request destined for a server device, the server device being different than the security device, and the first request including a first modified session identifier, the first modified session identifier including a modified version of an original session identifier received from the server device, the original session identifier having been modified by the security device using a first modification technique; determine the original session identifier based on the first modified session identifier; modify the original session identifier, using a second modification technique, to create a second modified session identifier, the second modification technique being different than the first modification technique; provide information, including the second modified session identifier, to the user device; receive a second request destined for the server device, the second request including the first modified session identifier; determine that the first modified session identifier is not a current session identifier associated with a session between the user device and the server device; provide, to the server device, session termination information indicating that the server device is to terminate the session between the user device and the server device, the server device terminating the session between the user device and the server device based on the session termination information; receive a third request destined for the server device, the third request including the second modified session identifier; and deny the third request based on the session between the user device and the server device having been terminated.

9. The non-transitory computer-readable medium of claim 8, where the instructions further comprise: one or more instructions that, when executed by the one or more processors, further cause the one or more processors to: determine that the second request is received from a device other than the user device; determine that more than one device is attempting to use the session based on determining that the second request is received from the device other than the user device; and provide, to the server device, the session termination information based on determining that more than one device is attempting to use the session.

10. The non-transitory computer-readable medium of claim 9, where the instructions further comprise: one or more instructions that, when executed by the one or more processors, further cause the one or more processors to: provide, to the user device and the device other than the user device, a message indicating that the session has been compromised or terminated.

11. The non-transitory computer-readable medium of claim 9, where the device other than the user device is an attacker device or another user device.

12. The non-transitory computer-readable medium of claim 8, where the instructions further comprise: one or more instructions that, when executed by the one or more processors, further cause the one or more processors to: receive the second request before a request, that includes the second modified session identifier, is received from the user device.

13. The non-transitory computer-readable medium of claim 8, where, when the second request includes the second modified session identifier, the instructions further comprise: one or more instructions that, when executed by the one or more processors, further cause the one or more processors to: receive the second request after a request, that includes the second modified session identifier, is received from the user device.

14. The non-transitory computer-readable medium of claim 8, where the instructions further comprise: one or more instructions that, when executed by the one or more processors, further cause the one or more processors to: determine a string of characters to add to the original session identifier; and modify, using the first modification technique, the original session identifier by adding the string of characters to the original session identifier.

15. A method, comprising: receiving, by a security device and from a user device, a first request destined for a server device, the security device including one or more hardware processors, the server device being different than the security device, and the first request including a first modified session identifier, the first modified session identifier including a modified version of an original session identifier received from the server device, the original session identifier having been modified by the security device using a first modification technique; determining, by the security device, the original session identifier based on the first modified session identifier; modifying, by the security device, the original session identifier, using a second modification technique, to create a second modified session identifier, the second modification technique being different than the first modification technique; providing, by the security device and to the user device, information including the second modified session identifier; receiving, by the security device, a second request destined for the server device, the second request including the first modified session identifier; determining, by the security device, that the first modified session identifier is not a current session identifier associated with a session between the user device and the server device; providing, by the security device and to the server device, session termination information indicating that the server device is to terminate the session between the user device and the server device, the server device terminating the session between the user device and the server device based on the session termination information; receiving, by the security device, a third request destined for the server device, the third request including the second modified session identifier; and denying, by the security device, the third request based on the session between the user device and the server device having been terminated.

16. The method of claim 15, further comprising: determining that the second request is received from a device other than the user device; determining that more than one device is attempting to use the session based on determining that the second request is received from the device other than the user device; and providing, to the server device, the session termination information based on determining that more than one device is attempting to use the session.

17. The method of claim 16, further comprising: providing, to the user device and the device other than the user device, a message indicating that the session has been compromised or terminated.

18. The method of claim 16, where the device other than the user device is an attacker device or another user device.

19. The method of claim 15, further comprising: receiving the second request before a request, that includes the second modified session identifier, is received from the user device.

20. The method of claim 15, where, when the second request includes the second modified session identifier, the method further comprises: receiving the second request after a request, that includes the second modified session identifier, is received from the user device.
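
The request flow recited in claims 1 and 7, as an added sketch that is not taken from the patent or from any product: a proxy hands the client a modified session identifier, rotates it on each valid request, and treats a replay of a superseded identifier as a sign that two devices hold the session. The class `SessionGuard`, its method names, the verdict strings and the sample identifier are assumptions, and each "modification technique" is modelled here as appending a fresh random string.

```python
import secrets

class SessionGuard:
    """Hypothetical proxy-side state; all names here are illustrative."""

    def __init__(self):
        self.current = {}        # original sid -> modified sid currently valid
        self.issued = {}         # every modified sid ever issued -> original sid
        self.terminated = set()  # original sids whose session was ended
        self.notify_server = []  # stand-in for the termination message to the server

    def _modify(self, original):
        # Claim 7 style: add a string of characters to the original identifier
        modified = f"{original}.{secrets.token_urlsafe(16)}"
        self.issued[modified] = original
        self.current[original] = modified
        return modified

    def on_server_response(self, original):
        """The server issued a session id; the client only ever sees a modified one."""
        return self._modify(original)

    def on_request(self, presented):
        """Return (verdict, next modified sid or None) for an incoming request."""
        original = self.issued.get(presented)
        if original is None:
            return "deny-unknown", None
        if original in self.terminated:
            return "deny-terminated", None
        if not secrets.compare_digest(presented, self.current[original]):
            # A superseded identifier came back: end the session for everyone
            self.terminated.add(original)
            self.notify_server.append(original)
            return "terminate", None
        return "forward", self._modify(original)

def demo():
    guard = SessionGuard()
    m1 = guard.on_server_response("SID-constructed-123")  # constructed sample id
    v1, m2 = guard.on_request(m1)   # first request: valid, rotated to m2
    v2, _ = guard.on_request(m1)    # second request: stale m1 replayed
    v3, _ = guard.on_request(m2)    # third request: m2, but session is gone
    return [v1, v2, v3], guard.notify_server
```

Rotating on every request means a client with several requests in flight can legitimately present the previous identifier, so a deployment needs a policy for that case before terminating.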

Cite as: Patentable. “DETECTING AND PREVENTING SESSION HIJACKING” (9954820). https://patentable.app/patents/9954820